Method, server and mobile communication device for managing unique memory device identifications

ABSTRACT

A method for server-based managing of unique memory device identifications, such as serial numbers, of memory devices having unique memory device identifications, like MIFARE devices, preferably emulated MIFARE devices like SmartMX cards, which memory devices are arranged in mobile communication devices, comprises keeping a repository of available memory device identifications; fetching a memory device identification from the repository and sending it to a specific mobile communication device; and instructing the mobile communication device to change the memory device identification of its associated memory device from its present value to the received new value. Further, the server instructs the mobile communication device to return the previous value of the memory device identification of its associated memory device. Finally, the server will add the returned memory device identification value to the repository of memory device identifications.

FIELD OF THE INVENTION

The invention relates to a method for server-based managing of unique memory device identifications, such as serial numbers, of memory devices, like MIFARE devices, preferably emulated MIFARE devices like SmartMX cards, which memory devices are arranged in mobile communication devices.

The invention further relates to a server having an arithmetic-logic unit and memory means and being connectable to a repository of available memory device identifications and being further connectable via a communication channel to mobile communication devices comprising memory devices having unique memory device identifications, like MIFARE devices, preferably emulated MIFARE devices, like SmartMX cards.

The invention further relates to a method for operating a mobile communication device that comprises a memory device having a unique memory device identification, like a MIFARE device, preferably an emulated MIFARE device, like a SmartMX card.

The invention further relates to a computer program product directly loadable into the memory of a mobile communication device being equipped with a memory device having a unique memory device identification, like a MIFARE device.

The invention further relates to a mobile communication device being adapted to process the computer program product mentioned in the above paragraph.

BACKGROUND OF THE INVENTION

The MIFARE® classic family, developed by NXP Semiconductors is the pioneer and front runner in contactless smart card ICs operating in the 13.56 MHz frequency range with read/write capability. MIFARE® is a trademark of NXP Semiconductors. MIFARE complies with ISO14443 A, which is used in more than 80% of all contactless smart cards today. The technology is embodied in both cards and card reader devices. MIFARE cards are being used in an increasingly broad range of applications (including transport ticketing, access control, e-payment, road tolling, and loyalty applications). MIFARE Standard (or Classic) cards employ a proprietary high-level protocol with a proprietary security protocol for authentication and ciphering. MIFARE® technology has become a standard for memory devices with key-protected memory sectors. One example for a published product specification of MIFARE® technology is the data sheet “MIFARE® Standard Card IC MF1 IC S50—Functional Specification” (1998). MIFARE® technology is also discussed in: Klaus Finkenzeller, “RFID Handbuch”, HANSER, 3^(rd) edition (2002).

The MIFARE Classic cards are fundamentally just memory storage devices, where the memory is divided into sectors and blocks with simple security mechanisms for access control. Each device has a unique serial number. Anticollision is provided so that several cards in the field may be selected and operated in sequence.

The MIFARE Standard 1 k offers about 768 bytes of data storage, split into 16 sectors with 4 blocks of 16 bytes each (one block consists of 16 byte); each sector is protected by two different keys, called A and B. They can be programmed for operations like reading, writing, increasing value blocks, etc. The last block of each sector is called “trailer”, which contains two secret keys (A and B) and programmable access conditions for each block in this sector. In order to support multi-application with key hierarchy an individual set of two keys (A and B) per sector (per application) is provided.

The memory organization of a MIFARE Standard 1 k card is shown in FIG. 1. The 1024×8 bit EEPROM memory is organized in 16 sectors with 4 blocks of 16 bytes each. The first data block (block 0) of the first sector (sector 0) is the manufacturer block which is shown in detail in FIG. 2. It contains the serial number of the MIFARE card that has a length of four bytes (bytes 0 to 3), a check byte (byte 4) and eleven bytes of IC manufacturer data (bytes 5 to 15). The serial number is sometimes called MIFARE User IDentification (MUID) and is a unique number. Due to security and system requirements the manufacturer block is write protected after having been programmed by the IC manufacturer at production. However, the MIFARE specification allows to change the serial number during operation of the MIFARE card, which is particularly useful for MIFARE emulation cards like SmartMX cards.

SmartMX (Memory eXtension) is a family of smart cards that have been designed by NXP Semiconductors for high-security smart card applications requiring highly reliable solutions, with or without multiple interface options. Key applications are e-government, banking/finance, mobile communications and advanced public transportation.

The ability to run the MIFARE protocol concurrently with other contactless transmission protocols implemented by the User Operating System enables the combination of new services and existing applications based on MIFARE (e.g. ticketing) on a single Dual Interface controller based smart card. SmartMX cards are able to emulate MIFARE Classic devices and thereby makes this interface compatible with any installed MIFARE Classic infrastructure. The contactless interface can be used to communicate via any protocol, particularly the MIFARE protocol and self defined contactless transmission protocols. SmartMX enables the easy implementation of state-of-the-art operating systems and open platform solutions including JCOP (the Java Card Operating System) and offers an optimized feature set together with the highest levels of security. SmartMX incorporates a range of security features to counter measure side channel attacks like DPA, SPA etc. A true anticollision method (acc. ISO/IEC 14443-3), enables multiple cards to be handled simultaneously.

Building on the huge installed base of the MIFARE® interface platform, SmartMX enables e.g. Service Providers to introduce even more convenient ticketing systems and payment concepts. The high security (PKI and 3-DES) and the extended functionality of SmartMX allows for the integration of loyalty concepts, access to vending machines, or using an e-purse to pay fares instead of pre-paid electronic ticketing. The essential features of SmartMX cards are the following:

-   -   Contact interface UART according to ISO 7816.     -   Contactless interface UART according to ISO 14443.     -   Exception sensors for voltage, frequency and temperature.     -   Memory management unit.     -   MIFARE® classic emulation.     -   JavaCard Operating System.     -   DES and/or RSA engine.     -   Up to 72 kilobyte EEPROM memory space.

It should be noted that the emulation of MIFARE Classic cards is not only restricted to SmartMX cards, but there may also exist other present or future smartcards being able to emulate MIFARE Classic cards.

Recently, mobile communication devices have been developed which contain memory devices having unique memory device identifications, like MIFARE devices, either being configured as MIFARE Classic cards or as MIFARE emulation devices like SmartMX cards. These mobile communication devices comprise e.g. mobile phones with Near Field Communication (NFC) capabilities, but are not limited to mobile phones.

While both MIFARE Classic cards and MIFARE emulation devices have proved to be a story of success in the market, these huge success has nevertheless revealed a bottleneck in the MIFARE specification, namely the relatively short length of the unique serial number of each MIFARE device, which is limited to 3 bytes. There is a risk that all theoretically available 16777216 serial numbers will be exhausted in the near future. In this regards one should know that in order to guarantee the uniqueness of the serial numbers of MIFARE devices allocation of serial numbers to these devices is exclusively controlled by NXP semiconductors. Nevertheless, in order to avoid constraint of NXP semiconductor's licensees for producing and operating MIFARE devices all licensees gets their own pools of serial numbers which they can administer and use according to their own needs and responsibilities.

The problem of exhaustion of unique memory identifications may also concern memory devices apart from MIFARE devices.

Another problem in conjunction with the unique serial numbers of MIFARE and other memory devices is that third parties may “phish” the serial numbers, thereby tracking the use of memory devices by their owners or, even worse, abusing the phished serial numbers for their own unauthorized purposes. This problem is of particular importance in relation to NFC mobile phones, since in this context Service Providers (these are entities like banks, public transport companies, loyalty programs owners etc. who provide contactless services to the users of NFC mobile phones) have the technological possibilities to phish the serial numbers of the memory devices of NFC mobile phones and to build services in their back-end systems by making use of the phished serial numbers, without involving Mobile Network Operators (MNOs) who provide the full range mobile services to the customer, particularly provide NFC terminals plus Over The Air (OTA) transport services, and other companies sponsoring the deployment of the NFC technology. Further, in near future NFC mobile phones will have the ability to change dynamically emulated MIFARE cards, ending with more and more serial numbers used.

OBJECT AND SUMMARY OF THE INVENTION

It is an object of the invention to provide methods of the types defined in the opening paragraph and in the third paragraph, and a server of the type defined in the second paragraph, in which the problems defined above are overcome.

In order to achieve the object defined above, with a method for server-based managing MIFARE User Identifications according to the invention characteristic features are provided so that such a method can be characterized in the way defined below, that is:

A method for server-based managing of unique memory device identifications, such as serial numbers, of memory devices having unique memory device identifications, like MIFARE devices, preferably emulated MIFARE devices like SmartMX cards, which memory devices are arranged in mobile communication devices, comprising:

-   -   keeping a repository of available memory device identifications;     -   fetching a memory device identification from the repository and         sending it to a specific mobile communication device; and     -   instructing the mobile communication device to change the memory         device identification of its associated memory device from its         present value to the received new value.

In order to achieve the object defined above, with a server according to the invention characteristic features are provided so that a server according to the invention can be characterized in the way defined below, that is:

A server having an arithmetic-logic unit and memory means and being connectable to a repository of available memory device identifications and being further connectable via a communication channel to mobile communication devices comprising memory devices having unique memory device identifications, like MIFARE devices, preferably emulated MIFARE devices like SmartMX cards, wherein the server is adapted to:

-   -   fetch a memory device identification from the repository and         send it to a specific mobile communication device; and     -   instruct the mobile communication device to change the memory         device identification of its associated memory device from its         present value to the received new value.

In order to achieve the object defined above, with a method for operating a mobile communication device according to the invention characteristic features are provided so that such a method can be characterized in the way defined below, that is:

A method for operating a mobile communication device that comprises a memory device having a unique memory device identification, like a MIFARE device, preferably an emulated MIFARE device, like a SmartMX card, comprising the steps of:

-   -   receiving via a communication channel a new memory device         identification value and an instruction to change the memory         device identification of its associated memory device from its         present value to the received new value; and     -   changing the memory device identification of the memory device         to the received new value.

In order to achieve the object defined above, a computer program product being directly loadable into the memory of a mobile communication device that is equipped with a memory device having a unique memory device identification, like a MIFARE device, comprises software code portions for performing—when running on the mobile communication device—the steps of the method for operating a mobile communication device according to the above paragraph.

In order to achieve the object defined above, a mobile communication device according to the invention comprises an arithmetic-logic unit and a memory and processes the computer program product according to the above paragraph.

The characteristic features of the invention as defined in claim 1, claim 3 and claim 8 provide the advantage that the unique memory device identifications (MIFARE User Identifications or serial numbers, respectively) are dynamically changed in the memory (MIFARE) devices, thereby preventing unauthorized third parties from successfully phishing and tracking memory device identification of memory devices.

The measures as claimed in claim 2, claim 4, or claim 9, respectively, provide the advantage that they allow to keep a repository of presently unused memory device identifications for future use, which repository is strictly kept under control of at least one server of a trusted authority. Thereby a greater amount of freely available memory device identifications can be achieved.

Preferably, the communication channel is configured either as a telecommunication network of a Mobile Network Operator (MNO) or as a computer network, wherein the server comprises interfaces to connect to said networks, in order to achieve communication with the mobile communication devices that can easily be established and is highly reliable.

In a particularly reliable embodiment of the invention the server is configured as a Trusted Service Manager (TSM) that securely distributes and manages Service Providers' services to Mobile Network Operators' (MNO) customer bases. High reliance and security is guaranteed, since a TSM is the single point of contact for the Service Providers to access their customer base through the MNOs and to manage the secure download and life-cycle management of the mobile NFC application on behalf of the Service Provider.

The present invention is perfectly suited for mobile phones with NFC capabilities that can be equipped with memory devices having unique memory device identifications, such as (emulated) MIFARE devices, like SmartMX cards.

The aspects defined above and further aspects of the invention are apparent from the exemplary embodiments to be described hereinafter and are explained with reference to these exemplary embodiments.

BRIEF DESCRIPTION OF THE DRAWINGS

The invention will be described in more detail hereinafter with reference to exemplary embodiments. However, the invention is not limited to them. The exemplary embodiments comprise memory devices being configured as MIFARE devices.

FIG. 1 shows the memory organization of a MIFARE Standard 1 k EEPROM.

FIG. 2 shows the manufacturer block of a MIFARE memory.

FIG. 3 shows the sector trailer of a sector of MIFARE memory.

FIGS. 4 to 8 show flowcharts of the various steps of the present invention. of a first embodiment of the invention.

DESCRIPTION OF EMBODIMENTS

Referring to FIG. 4 a system according to the present invention is explained. This system comprises a server SV which is connected to a repository DB of available memory device identifications MUIDx (=serial numbers) for memory devices, e.g. being configured as MIFARE memory devices. It should be noted that the server SV may be configured as a single server or as a distributed server or even as a number of independent servers each of which managing different pools of memory device identifications MUIDx. In a similar manner the repository DB may be configured as a single repository or as a distributed repository or even as a number of independent repositories. The repository can be a data base, a file system etc. The server SV communicates over a communication channel C with a number of mobile communication devices U1, U2. The communication devices U1, U2 comprise memory devices being configured as MIFARE memory devices MIF1, MIF2 which are preferably configured as MIFARE emulation devices like SmartMX cards. Each of the MIFARE memory devices MIF1, MIF2 has a unique memory device identification MUID1, MUID2. For instance, the memory device identification MUID1 of the MIFARE memory device MIF1 of the first mobile communication device U1 is ‘F1 11 D7 8B’ and the memory device identification MUID2 of the MIFARE memory device MIF2 of the second mobile communication device U1 is ‘F2 22 F7 88’. The mobile communication devices U1, U2 may e.g. be configured as NFC mobile phones. In one embodiment the communication channel C is configured as a telecommunication network of a Mobile Network Operator (MNO) providing full range mobile services to the customers, particularly providing NFC terminals plus Over The Air (OTA) transport services. In an alternative embodiment the communication channel C is configured as a computer network wherein the communication devices U1, U2 are either adapted to be connected to said computer network or the computer network comprises card reader terminals being configured to access the MIFARE memory devices MIF1, MIF2 of the communication devices U1, U2.

When the server SV wants to change the MUID of a specific one of the MIFARE memory devices MIF1, MIF2, e.g. the MUID1 of the MIFARE memory device MIF1 it sends a request REQ to the repository DB to fetch one of the unused memory device identifications MUIDx from the repository DB. The repository DB retrieves one free memory device identification from its pool, e.g. ‘05 5C 3D 90’, deletes it from the pool and transmits it by means of a message GET to the server SV. These steps are shown in the flow chart of FIG. 5.

Next, as shown in the flow diagram of FIG. 6 the server SV sends an instruction CHG to the mobile communication device U1 that comprises MIFARE memory device MIF1. The instruction CHG includes the fetched memory device identification ‘05 5C 3D 90’. The instruction CHG requests the mobile communication device U1 to change the memory device identification MUID1 of its MIFARE memory device MIF1 from presently ‘F1 11 D7 8B’ to the new memory device identification ‘05 5C 3D 90’. For the sake of clarity communication channel C has been omitted from FIGS. 6 to 8 and the messages between server SV and repository DB as well as between server SV and mobile communication devices U1, U2 are represented by arrows directly connecting said devices in order to better illustrate the logic communication flow.

As it is depicted in the flow diagram of FIG. 7 after having changed the memory device identification MUID1 of the MIFARE memory device MIF1 the mobile communication device U1 replies to the server SV with a message RET which contains the previous memory device identification ‘F1 11 D7 8B’. The server SV forwards this previous memory device identification ‘F1 11 D7 8B’ in a message ADD to the repository DB instructing the repository DB to add the memory device identification ‘F1 11 D7 8B’, which has become free, to its pool for future use. By means of this process the memory device identification (=serial number) of the first MIFARE memory device MIF1 has been successfully changed without decreasing the number of available memory device identifications MUIDx in the repository DB. It will be appreciated that the memory device identification MUID2 of the second MIFARE memory device MIF2 has not been influenced by this process.

The memory device identification ‘F1 11 D7 8B’ newly added to the repository DB can e.g. be used to change the memory device identification MUID2 of the second MIFARE memory device MIF2, as shown in the flowchart of FIG. 8. In order to accomplish this the server SV sends a request REQ to the repository DB to fetch an unused memory device identification MUIDx from its pool. The repository DB retrieves the free memory device identification ‘F1 11 D7 8B’ from its pool, deletes it from the pool and transmits it by means of message GET to the server SV. The server SV sends the instruction CHG to the MIFARE memory device MIF2 which instruction includes the fetched memory device identification ‘F1 11 D7 8B’. The mobile communication device U2 when receiving the instruction CHG changes the MUID2 of its MIFARE memory device MIF2 to ‘F1 11 D7 8B’ and returns the previous memory device identification ‘F2 22 F7 88’ by means of a message RET to the server SV which will instruct the repository DB to add it to its pool.

The server SV is preferably configured as a Trusted Service Manager (TSM). Such a TSM securely distributes and manages the Service Providers' services to the Mobile Network Operators' (MNO) customer base. The essential features of the Trusted Service Manager is to provide the single point of contact for the Service Providers to access their customer base through the MNOs and to manage the secure download and life-cycle management of the mobile NFC application on behalf of the Service Provider.

It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design many alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word “comprising” does not exclude the presence of elements or steps other than those listed in a claim. The indefinite article “a” or “an” preceding an element does not exclude the presence of a plurality of such elements. In the device claim enumerating several means, several of these means may be embodied by one and the same item of hardware. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage. 

The invention claimed is:
 1. A method for server-based managing of unique memory device identifications of memory devices having unique memory device identifications which memory devices are arranged in mobile communication devices, comprising: keeping a repository of available memory device identifications; fetching, by a server, a memory device identification from the repository and sending the memory device identification, by a server, to a specific mobile communication device; and instructing, by a server, the mobile communication device to change the memory device identification of the mobile communication device's associated memory device from a present value to a received new value.
 2. The method for server-based managing of unique memory device identifications as claimed in claim 1, further comprising: instructing the mobile communication device to return the previous value of the memory device identification of the mobile communication device's associated memory device when the value of the memory device identification has changed to the new value; and adding the returned memory device identification value to the repository of memory device identifications.
 3. A server having an arithmetic-logic unit and memory means and being connectable to a repository of available memory device identifications and being further connectable via a communication channel to mobile communication devices comprising memory devices having unique memory device identifications, wherein the server is designed to: fetch a memory device identification from the repository and send the memory device identification to a specific mobile communication device; and instruct the mobile communication device to change the memory device identification of the mobile communication device's associated memory device from a present value to a received new value.
 4. The server as claimed in claim 3, being adapted to: instruct the mobile communication device to return a previous value of the memory device identification of the mobile communication device's associated memory device when the value of the memory device identification has changed to the new value; receive from the mobile communication device a previous value of the memory device identification of the mobile communication device's associated memory device; and add the received memory device identification value to the repository of memory device identifications.
 5. The server as claimed in claim 3, wherein the communication channel is configured as a telecommunication network of a Mobile Network Operator wherein the server comprises an interface to connect to the telecommunication network.
 6. The server as claimed in claim 3, wherein the communication channel is configured as a computer network and the server comprises an interface to connect to the computer network.
 7. The server as claimed in claim 3, being configured as a Trusted Service Manager that securely distributes and manages Service Providers' services to Mobile Network Operators' customer bases.
 8. A method for operating a mobile communication device that comprises a memory device having a unique memory device identification comprising the steps of: receiving from a server via a communication channel a new memory device identification value and an instruction to change the memory device identification of the mobile communication device's associated memory device from a present value to a received new value; and changing the memory device identification of the memory device to the received new value.
 9. The method for operating a mobile communication device as claimed in claim 8, further comprising the step of returning the previous value of the memory device identification over the communication channel after it has been replaced in the memory device by the new value.
 10. A computer program product being directly loadable into the memory of a mobile communication device equipped with a memory device having a unique memory device identification wherein the computer program product comprises software code portions for performing the method of claim
 8. 11. A computer program product as claimed in claim 10, wherein the computer program product is stored on a computer readable medium or is downloadable from a remote server via a communication network.
 12. A mobile communication device with an arithmetic-logic unit and a memory, wherein the mobile communication device is adapted to process the computer program product as claimed in claim
 10. 13. The mobile communication device as claimed in claim 12, being configured as a mobile phone with NFC capabilities. 